package com.huawei.gameassistant.utils;

import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import com.huawei.agconnect.datastore.annotation.SharedPreference;
import com.huawei.gameassistant.ko;
import com.huawei.gameassistant.xo;
import com.huawei.hms.network.embedded.Lc;
import com.huawei.security.keystore.HwUniversalKeyStoreProvider;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes.dex */
public final class SecurityUtil {
    private static final String ALIAS_ENCRYPT = "appgallery_assistant_encrypt";
    private static final String ALIAS_ENCRYPT_1 = "appgallery_assistant_encrypt_1";
    private static final String ALIAS_SIGN = "appgallery_assistant_sign";
    public static final String CHARSET = "UTF-8";
    public static final int ERROR_MAX_COUNT = 3;
    private static final String KEYSTORE_NAME = "HwKeystore";
    private static final String SECURITY_INIT = "SecuritInit";
    private static final String SIGNATURE_TYPE_SHA256 = "SHA256WithRSA/PSS";
    private static final String SP_FILE_NAME = "SecuritConfig";
    private static final String TAG = "SecurityUtil";

    @SharedPreference(fileName = SP_FILE_NAME, key = SECURITY_INIT)
    boolean isInit;
    private static final Object LOCK = new Object();
    private static final SecurityUtil INSTANCE = new SecurityUtil();
    private ScheduledExecutorService singleThreadScheduledPool = Executors.newSingleThreadScheduledExecutor();
    private KeyStore ks = null;
    private Map<String, Key> privateKeyMap = new HashMap();
    private Map<String, Certificate[]> certificateChainMap = new HashMap();

    /* loaded from: classes.dex */
    class a implements Runnable {
        a() {
        }

        @Override // java.lang.Runnable
        public void run() {
            try {
                p.c(SecurityUtil.TAG, "init start");
                if (SecurityUtil.this.initKeyPair()) {
                    p.c(SecurityUtil.TAG, "init KeyPair success.");
                } else {
                    p.b(SecurityUtil.TAG, "init KeyPair fail.");
                }
            } catch (Throwable th) {
                p.a(SecurityUtil.TAG, "init Exception", th);
            }
        }
    }

    private SecurityUtil() {
        x.c().a(this);
    }

    private synchronized KeyPair generateKeyPair(String str, String str2, int i, String str3, String str4) {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(str2, getHwUniversalKeyStoreProvider());
            GregorianCalendar gregorianCalendar = new GregorianCalendar();
            GregorianCalendar gregorianCalendar2 = new GregorianCalendar();
            gregorianCalendar2.add(1, 10);
            keyPairGenerator.initialize(ALIAS_SIGN.equals(str) ? new KeyGenParameterSpec.Builder(str, i).setDigests(str3).setSignaturePaddings(str4).setCertificateSerialNumber(BigInteger.valueOf(1337L)).setCertificateNotBefore(gregorianCalendar.getTime()).setCertificateNotAfter(gregorianCalendar2.getTime()).setAttestationChallenge("appAssistant".getBytes("UTF-8")).setUserAuthenticationRequired(false).build() : new KeyGenParameterSpec.Builder(str, i).setDigests(str3).setEncryptionPaddings(str4).setCertificateSerialNumber(BigInteger.valueOf(1337L)).setCertificateNotBefore(gregorianCalendar.getTime()).setCertificateNotAfter(gregorianCalendar2.getTime()).setAttestationChallenge("appAssistant".getBytes("UTF-8")).setUserAuthenticationRequired(false).build());
            return keyPairGenerator.generateKeyPair();
        } catch (InvalidAlgorithmParameterException e) {
            p.b(TAG, "generateKeyPair e:" + e.getMessage());
            return null;
        } catch (NoSuchAlgorithmException e2) {
            p.b(TAG, "generateKeyPair e:" + e2.getMessage());
            return null;
        } catch (Exception e3) {
            p.b(TAG, "generateKeyPair e:" + e3.getMessage());
            return null;
        }
    }

    private synchronized Certificate[] getCertificateChain(String str) {
        KeyStore.Entry entry;
        Certificate[] certificateArr = null;
        try {
            entry = this.ks.getEntry(str, null);
        } catch (Exception e) {
            p.b(TAG, "getCertificateChain e:" + e.getMessage());
        }
        if (entry == null) {
            p.e(TAG, "Entry is not exist");
            return null;
        }
        if (entry instanceof KeyStore.PrivateKeyEntry) {
            certificateArr = ((KeyStore.PrivateKeyEntry) entry).getCertificateChain();
            return certificateArr;
        }
        p.e(TAG, "Not an INSTANCE of a PrivateKeyEntry");
        return null;
    }

    public static SecurityUtil getInstance() {
        return INSTANCE;
    }

    public static String getSHA256Str(String str) {
        try {
            return f.a(MessageDigest.getInstance("SHA-256").digest(str.getBytes("UTF-8")));
        } catch (UnsupportedEncodingException e) {
            p.a(TAG, "getSHA256Str UnsupportedEncodingException", e);
            return "";
        } catch (NoSuchAlgorithmException e2) {
            p.a(TAG, "getSHA256Str NoSuchAlgorithmException", e2);
            return "";
        } catch (Exception e3) {
            p.a(TAG, "getSHA256Str Exception", e3);
            return "";
        }
    }

    public String aesBaseDecrypt(String str, byte[] bArr, byte[] bArr2) {
        if (bArr != null && bArr.length >= 16) {
            try {
                if (bArr.length > 16) {
                    bArr = Arrays.copyOf(bArr, 16);
                }
                SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
                Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
                cipher.init(2, secretKeySpec, new IvParameterSpec(bArr2));
                return new String(cipher.doFinal(b.a(str)), "UTF-8");
            } catch (Exception e) {
                p.a(TAG, "AESBaseDecrypt error", e);
            }
        }
        return null;
    }

    public String aesBaseEncrypt(String str, byte[] bArr, byte[] bArr2) {
        if (bArr == null || bArr.length < 16) {
            return "";
        }
        if (bArr.length > 16) {
            bArr = Arrays.copyOf(bArr, 16);
        }
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(1, secretKeySpec, new IvParameterSpec(bArr2));
            return b.a(cipher.doFinal(str.getBytes("UTF-8"))).replaceAll("\n", "").replaceAll("\r", "");
        } catch (Exception e) {
            p.a(TAG, "AESBaseEncrypt Exception", e);
            return "";
        }
    }

    public String aesGcmDecrypt(String str, String str2, String str3) {
        try {
            return ko.a(str2, str, str3);
        } catch (Exception e) {
            p.a(TAG, "aesGcmDecrypt Exception:", e);
            return str2;
        }
    }

    public String aesGcmDecryptServer(String str, byte[] bArr) {
        return ko.b(str, bArr);
    }

    public String aesGcmEncrypt(String str, String str2, String str3) {
        try {
            return ko.b(str2, str, str3);
        } catch (Exception e) {
            p.a(TAG, "aesGcmEncrypt Exception:", e);
            return str2;
        }
    }

    public synchronized String baseDecrypt(String str) {
        try {
            if (TextUtils.isEmpty(str)) {
                p.b(TAG, "baseDecrypt inputStr is null!");
                return null;
            }
            byte[] a2 = b.a(str);
            Key key = this.privateKeyMap.get(ALIAS_ENCRYPT_1);
            if (key == null) {
                KeyStore.Entry entry = this.ks.getEntry(ALIAS_ENCRYPT_1, null);
                if (entry == null) {
                    p.b(TAG, "Entry is not exist");
                    return null;
                }
                if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                    p.b(TAG, "Not an INSTANCE of a PrivateKeyEntry");
                    return null;
                }
                key = ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
                this.privateKeyMap.put(ALIAS_ENCRYPT_1, key);
            }
            Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding", getHwUniversalKeyStoreProvider());
            cipher.init(2, key, new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT));
            cipher.update(a2);
            byte[] doFinal = cipher.doFinal();
            if (doFinal == null) {
                return null;
            }
            return new String(doFinal, "UTF-8");
        } catch (Exception e) {
            p.a(TAG, "baseDecrypt Exception", e);
            return null;
        }
    }

    public String baseEncrypt(String str) {
        if (TextUtils.isEmpty(str)) {
            p.b(TAG, "encrypt error, sSrc is null");
            return "";
        }
        try {
            Certificate[] certificateArr = this.certificateChainMap.get(ALIAS_ENCRYPT_1);
            if (certificateArr == null) {
                certificateArr = getCertificateChain(ALIAS_ENCRYPT_1);
                if (certificateArr == null) {
                    return null;
                }
                this.certificateChainMap.put(ALIAS_ENCRYPT_1, certificateArr);
            }
            PublicKey publicKey = certificateArr[0].getPublicKey();
            Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
            cipher.init(1, publicKey, new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT));
            cipher.update(str.getBytes("UTF-8"));
            byte[] doFinal = cipher.doFinal();
            if (doFinal != null) {
                return b.a(doFinal);
            }
        } catch (Exception e) {
            p.a(TAG, "baseEncrypt error", e);
        }
        return "";
    }

    public String decryptData(String str) {
        byte[] a2;
        Key key;
        if (TextUtils.isEmpty(str)) {
            p.b(TAG, "decryptData inputStr is null!");
            return "";
        }
        try {
            a2 = b.a(str);
            key = this.privateKeyMap.get(ALIAS_ENCRYPT);
        } catch (Exception e) {
            p.a(TAG, "decryptData Exception e", e);
        }
        if (key == null) {
            p.b(TAG, "decryptData privateKey is null");
            return null;
        }
        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding", getHwUniversalKeyStoreProvider());
        cipher.init(2, key, new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT));
        cipher.update(a2);
        byte[] doFinal = cipher.doFinal();
        if (doFinal != null) {
            return new String(doFinal, "UTF-8");
        }
        return "";
    }

    public Certificate[] getEncryptCertificateChain() {
        Certificate[] certificateArr = this.certificateChainMap.get(ALIAS_ENCRYPT);
        if (certificateArr != null) {
            return certificateArr;
        }
        Certificate[] certificateChain = getCertificateChain(ALIAS_ENCRYPT);
        this.certificateChainMap.put(ALIAS_ENCRYPT, certificateChain);
        return certificateChain;
    }

    public Provider getHwUniversalKeyStoreProvider() {
        try {
            return new HwUniversalKeyStoreProvider();
        } catch (Throwable th) {
            p.a(TAG, "getHwUniversalKeyStoreProvider Exception", th);
            return null;
        }
    }

    public byte[] getSaltBytes() {
        xo.a(true);
        return xo.b(16);
    }

    public String getSaltString() {
        xo.a(true);
        return xo.c(16);
    }

    public Certificate[] getSignCertificateChain() {
        Certificate[] certificateArr = this.certificateChainMap.get(ALIAS_SIGN);
        if (certificateArr != null) {
            return certificateArr;
        }
        Certificate[] certificateChain = getCertificateChain(ALIAS_SIGN);
        this.certificateChainMap.put(ALIAS_SIGN, certificateChain);
        return certificateChain;
    }

    public void init() {
        p.a(TAG, Lc.b);
        synchronized (LOCK) {
            if (com.huawei.appgallery.base.os.b.a("ro.config.gameassist.peripherals", 0) == 1) {
                try {
                    HwUniversalKeyStoreProvider.install();
                } catch (Throwable th) {
                    p.a(TAG, "Provider install Exception", th);
                }
                this.singleThreadScheduledPool.execute(new a());
            }
        }
    }

    public boolean initKeyPair() {
        boolean z;
        synchronized (LOCK) {
            if (this.isInit) {
                p.c(TAG, "isInit is true");
                z = true;
            } else {
                p.c(TAG, "start init KeyPair.");
                z = false;
                this.isInit = false;
                x.c().a(this);
                KeyPair generateKeyPair = generateKeyPair(ALIAS_SIGN, "RSA", 12, "SHA-256", "PSS");
                KeyPair generateKeyPair2 = generateKeyPair(ALIAS_ENCRYPT, "RSA", 3, "SHA-256", "OAEPPadding");
                KeyPair generateKeyPair3 = generateKeyPair(ALIAS_ENCRYPT_1, "RSA", 3, "SHA-256", "OAEPPadding");
                this.ks = null;
                this.privateKeyMap.clear();
                this.certificateChainMap.clear();
                if (generateKeyPair != null && generateKeyPair2 != null && generateKeyPair3 != null) {
                    z = true;
                }
                p.c(TAG, "init KeyPair result:" + z);
                if (z) {
                    this.isInit = true;
                    x.c().d(this);
                }
            }
        }
        return z;
    }

    public boolean isInitSuccess() {
        boolean z;
        synchronized (LOCK) {
            if (this.isInit) {
                try {
                    if (this.ks == null) {
                        this.ks = KeyStore.getInstance(KEYSTORE_NAME);
                        this.ks.load(null);
                        p.a(TAG, "Load keystore success!");
                    }
                    if (!this.privateKeyMap.containsKey(ALIAS_SIGN)) {
                        this.privateKeyMap.put(ALIAS_SIGN, this.ks.getKey(ALIAS_SIGN, null));
                        this.certificateChainMap.put(ALIAS_SIGN, getCertificateChain(ALIAS_SIGN));
                    }
                    if (!this.privateKeyMap.containsKey(ALIAS_ENCRYPT)) {
                        KeyStore.Entry entry = this.ks.getEntry(ALIAS_ENCRYPT, null);
                        if (entry instanceof KeyStore.PrivateKeyEntry) {
                            this.privateKeyMap.put(ALIAS_ENCRYPT, ((KeyStore.PrivateKeyEntry) entry).getPrivateKey());
                            this.certificateChainMap.put(ALIAS_ENCRYPT, getCertificateChain(ALIAS_ENCRYPT));
                        } else {
                            p.e(TAG, "Not an INSTANCE of a PrivateKeyEntry");
                            this.isInit = false;
                        }
                    }
                    if (!this.privateKeyMap.containsKey(ALIAS_ENCRYPT_1)) {
                        KeyStore.Entry entry2 = this.ks.getEntry(ALIAS_ENCRYPT_1, null);
                        if (entry2 instanceof KeyStore.PrivateKeyEntry) {
                            this.privateKeyMap.put(ALIAS_ENCRYPT_1, ((KeyStore.PrivateKeyEntry) entry2).getPrivateKey());
                            this.certificateChainMap.put(ALIAS_ENCRYPT_1, getCertificateChain(ALIAS_ENCRYPT_1));
                        } else {
                            p.e(TAG, "Not an INSTANCE of a PrivateKeyEntry");
                            this.isInit = false;
                        }
                    }
                    if (!this.isInit) {
                        p.b(TAG, "keyentry not exists, init again.");
                        x.c().d(this);
                        initKeyPair();
                    }
                } catch (Exception e) {
                    p.a(TAG, "Init KeyStore exception:", e);
                }
            }
            z = this.isInit;
        }
        return z;
    }

    public String signData(String str) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, IOException, NoSuchProviderException {
        if (TextUtils.isEmpty(str)) {
            p.b(TAG, "signData inputStr is null!");
            return null;
        }
        byte[] bytes = str.getBytes("UTF-8");
        Key key = this.privateKeyMap.get(ALIAS_SIGN);
        if (key == null) {
            p.b(TAG, "signData privateKey is null");
            return null;
        }
        Signature signature = Signature.getInstance(SIGNATURE_TYPE_SHA256, "HwUniversalKeyStoreProvider");
        signature.initSign((PrivateKey) key);
        signature.update(bytes);
        return b.a(signature.sign());
    }
}
